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REMARKS/ARGUMENTS 
The arguments presented herein include the arguments Applicants discussed with the 
Examiner during phone interview dated June 25, 2010. The Examiner said that the arguments 
seemed persuasive and requested Applicants to submit the discussed arguments for 
reconsideration, which Applicants present herein. Applicants submit that the arguments 
presented herein make the substance of the phone interview of record to comply with 37 CFR 
1.133. If the Examiner believes that further information on the interview needs to be made of 
record to comply with the requirements. Applicants request the Examiner to identify such further 
information. 

1. Claims 31. 32. 34. and 40-46 are Patentable Over the Cited Art 

The Examiner rejected claims 31, 34, and 40-46 as obvious (35 U.S.C. §103(a)) over 
Sheinis (U.S. Patent Pub. No. 2004/0019809) in view of Srivastava (U.S. Patent Pub. No. 
2002/0120685). Applicants traverse. 

Claim 3 1, 47, and 56 require receiving a call request from a user to execute an object; 
determining an access authority for the user; acquiring an object access authority set for the 
object indicating access authorities for methods called by the object; comparing the user access 
authority and the object access authority set to determine whether the user access authority 
permits access to the methods called by the object; and searching a storage section storing 
execution results for a previous execution of the object prior to executing the call request and in 
response to determining that the user access authority permits access to the methods called by the 
object. 

In the Response to Arguments, the Examiner cited paras. 7, 17, 110, 130 of Sheinis as 
teaching the claim requirement of acquiring an object access authority set for the object (to 
execute) indicating access authorities for methods called by the object in order to determine 
whether the user access authority permits access to methods called by the objects the user is 
trjrnig to execute. (FOA, pg. 2). Applicants traverse. 

The cited para. 7 mentions entity based security to control access to an entity bean (EJB) 
that is the target of a method call. Access rights may be provided for different groups of users to 
control methods that users may call on the entity bean, such as to view information contained in 
the entity bean, and to provide users access to methods that perform other operations on the 
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entity bean, such as create, remove, update, delete, view. . The cited para. 17 mentions that the 
request is for a method associated with the server object. The cited para. 110 mentions that the 
entity security check for a call for an interface to a component is formed before the EJB method 
call. It could also be desirable to perform the entity access check after a method call. If a 
security check after the call fails, the client will receive a security exception. 

The cited Sheinis discusses providing access rights for different groups of users to 
determine whether a user may invoke a certain method on an object. This does not teach the 
claim requirement of acquiring an object access authority set for the object indicating access 
authorities for methods called by the object. Instead, the cited Sheinis discusses determining if a 
user has authority to access or invoke a method on an entity or object. This does not teach or 
suggest determining access authority for methods called by the object so that the access authority 
of methods called by the object being executed is checked, but instead discusses whether to 
approve a user call. Applicants submit that the cited Sheinis' discussion of determining whether 
a user may invoke a method on an object, such as an entity bean, does not teach determining the 
access authority of methods called by the object the user is calhng to execute. 

In the rejection, the Examiner further cited paras. 90-98 and 109-1 13 of Sheinis as 
teaching the claim requirement of acquiring an object access authority set for the object (to 
execute) indicating access authorities for methods called by the object. (FOA, pg. 6) Applicants 
traverse. 

The cited para. 90 mentions determining whether a call on an interface is authorized for a 
user on whose behalf the call was made. An EJB (Enterprise Java Bean) proxy determines 
whether the call is authorized and extracts security characteristics from the call, which can 
include the type of call and identity of the user making call, to make this determination. The 
cited para. 91 mentions that the EJB proxy provides security characteristics to an access control 
manager. The cited para. 92 mentions that the access control manager obtains access rules for 
security characteristics and rules specific to the call made. The cited para. 93 discusses 
examining access control rules to determine whether to approve or reject a call by determining 
whether the call is allowed. Paras 93 and 94 discuss example of rules that indicate to allow or 
not allow a type of call. Para. 95 mentions that the access control manager queries a policy 
manager for authorization to make the call. The cited para. 96 mentions that the policy manager 
determines authorization given access control rules for the call and identity of the user. The 
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cited para. 97 mentions the policy manager verifying that the logged-in user has access to the 
entity bean and compares the roles and para. 98 discusses the policy manager responding as to 
whether the call is authorized. 

The cited paras. 90-98 discuss rules indicating whether a type of call to the object EJB is 
allowed. This discussion of determining whether a type of call to the object is allowed does not 
teach or suggest the claim requirement of an access authority set for the object indicating access 
authorities of methods that the object, as opposed to the user, calls. The Examiner has not shown 
where paras. 90-98 teach or mention looking at access authorities of methods called by the object 
subject to the call request from the user. 

The cited paras. 109-1 13 are similarly deficient. The cited para. 109 mentions verifying 
whether the user has authority to access an entity. The cited para. 110 mentions when the 
security check is performed. The cited para. Ill mentions determining if a user can access 
arguments of an EJB method. The cited paras. 1 12 and 113 mentions that access control can be 
determined before or after the call. 

These cited paras. 1 09- 11 3 do not teach the claim requirement of acquiring an object 
access authority set for the object indicating access authorities for methods called by the object. 
Instead, the cited Sheinis discusses looking at the authority of the user call to the object, not 
looking at the access authorities of methods called by the called object, which is called by the 
user. For instance, the Examiner has not cited where Sheinis teaches looking at the access 
authority of methods the Java EJB calls, as opposed to methods a user may invoke on the Java 
bean. 

In the Response to Arguments, the Examiner cited paras. 70, 89, and 220 of Srivastava as 
teaching the claim requirement of searching a storage section storing execution results for a 
previous execution of the object prior to executing the call request and in response to 
determining that the user access authority permits access to the methods called by the object. 
(FOA, pg. 3) Applicants traverse. 

The cited para. 70 discusses caching parameters and instructing the service engine to use 
or not use cache memory, and inform the engine how long cached data should be retained. 
When data is static and changes infrequently, requesting retention of fetched data can reduce 
network traffic and provide faster service. The cited para. 89 mentions that caching information 
may be stored for each service indicating the extent to which output data for the service should 
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be cached. The cited para. 220 mentions an execution manger that checks for availability of 
cached service responses before executing a service and if a response is available, no service will 
be executed and cached response is returned. 

Although the cited Srivastava discusses returning service responses from cache before 
executing a service, there is no teaching of searching a storage section storing execution results 
for a previous execution of the object prior to executing the call request and in response to 
determining that the user access authority permits access to the methods called by the object. 
This particular combination of retuming stored execution results upon checking user access 
authority with respect to methods called by the object that is called to execute is not taught or 
suggested in the cited combination. 

The Examiner additionally cited paras. 345-347 of Srivastava as teaching the searching a 
storage section limitation. (FOA, pg. 6) Applicants traverse. 

The cited para. 345 mentions that service components attempt to read information from 
the cache, and if not in cache read from the registries. Para. 346 mentions that service caches 
may be implemented as database tables. The cited para. 347 mentions that when a service engine 
starts-up, it populates the service cache and updates entries. These cited paragraphs also do not 
teach or suggest the claim requirement of searching for results for a previous execution of an 
object in response to determining that the user access authority permits access to the methods 
called by the object. 

Accordingly, claims 3 1, 47, and 56 are patentable over the cited art because the cited 
Sheinis and Srivastava do not teach or suggest all the claim requirements. 

Claims 31-34 and 40-46, 48-55, and 57-64 are patentable over the cited art because they 
depend from one of claims 31, 47, and 56, which are patentable over the cited art for the reasons 
discussed above, and because the combination of these dependent claims with the base and any 
intervening claims provide fiirther grounds of patentability over the cited art. 

Claims 40, 50, and 59 depend from claim 31, 47, and 56, respectively, and further require 
determining methods called by the object; determining an access authority for each determined 
method; generating the object access authority set to comprise the determined access authorities 
of the determined methods, wherein the object access authority set indicates access authorities 
needed to execute the determined methods. 
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The Examiner cited the above discussed paras. 90-98 and 109-113 of Sheinis as teaching 
the additional requirements of these claims. (FOA, pg. 7) Applicants traverse. 

As discussed, the cited paragraphs of Sheinis discuss determining whether a call is 
allowed from a user by examining rules on types of permissible calls. The cited Sheinis does not 
teach determining an access authority for each determined method to generate the object access 
authority set to indicate access authorities needed to execute the methods called by the object. 
Instead, the cited Sheinis discusses determining whether a call by a user is permitted, not the 
claim requirement of determining methods called by the object subject to the user call and then 
determining the access authority for each method the called object calls. For instance, the 
Examiner has not cited where Sheinis teaches determining methods called by the java entity bean 
(EJB) called by the user and then generating an object access authority to have access authorities 
of methods called by the EJB. Instead, the cited Sheinis discusses determining access authority 
of methods a user may invoke on an object. 

Accordingly, claims 40, 50, and 59 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Claims 41, 51, and 60 depend from claims 40, 40, and 59, respectively, and fiirther 
require that determining the access authority for each determined method calling additional 
methods comprises determining the access authorities of the additional methods called by the 
method, wherein the object access authority set for the method additionally includes the 
determined access authorities of the additional methods called by the method. 

The Examiner cited paras. 72, 83, 114, and 130 of Sheinis as teaching the additional 
requirements of these claims. (FOA, pgs. 4, 8) Applicants traverse 

The cited para. 72 mentions that an EJB proxy is generated in response to a request to a 
service locator for a home interface. When a servlet requests a home interface from a service 
locator, an EJB proxy is dynamically generated to provide a supra-interface for the servlet 
through which the servlet can access the home interface. This allows the EJB to control access. 
The service locator wraps the home interface in the EJB proxy to control access. The cited para. 
83 discusses Java classes with methods to determine the access rights of an access request for a 
target EJB. Placing the functionality in the EJB container provides security for non-Web based 
clients. The cited para. 114 mentions ensuring that the user represented by the call has access to 
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the entities the user created. The cited para. 130 mentions a role of viewer and administrator, 
where the viewer is permitted to call a method to view a salary in an employee record and an 
administrator may call methods to create, view, modify and delete an employee record. 

Although the cited paragraphs of Sheinis discuss how to control the calls different users 
may make to access the EJB with different methods, there is no teaching or suggestion of the 
claim requirement that for each determined additional method called by methods the object calls, 
determining the access authorities of the additional methods called by the method called by the 
object. For instance, the Examiner has not cited where Sheinis teaches determining methods 
called by methods the EJB calls to include in the object access authority set for the method. 
Instead, the cited Sheinis discusses how to determine when a call may be made by a user to the 
EJB, not to determine the access authority of additional methods called by methods called by the 
EJB object to include in an access authority set for the object. The Examiner has not cited where 
Sheinis teaches an access authority set having the access authorities for all methods called by an 
object and additional methods called by the methods the object calls. 

Accordingly, claims 41,51, and 60 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Claim 42, 52, and 61 depend from claims 40, 50, and 59, respectively, and further require 
that access to the execution resuhs is not granted to the user if the access authority for one 
determined method is unknown. 

The Examiner cited the above discussed paras. 93, 94, and 97 of Sheinis as teaching the 
additional requirements of these claims. (FOA, pg. 8) Applicants traverse. 

Although the cited paras. 93, 94, and 74 discuss rules indicating whether a type of call is 
allowed and determining whether a type of call is allowed, this does not teach or suggest the 
claim requirements that access to the execution results of executing the method called by the 
object is not granted if the access authority for one method called by the object the user wants to 
access is unknown.. The Examiner has not cited any part of Sheinis or other art that teaches 
denying access to the execution results if the access authority of one method called by the 
requested object is unknown. 
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Accordingly, claims 42, 52, and 61 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Claims 43, 53, and 62 depend from claims 42, 52, and 61, and fiirther requires that the 
object is executed even if access to the execution results is not granted. 

The Examiner cited the above discussed paras 93-94 of Sheinis as teaching the additional 
requirements of these claims. (FOA, pg. 8) Applicants traverse. 

Applicants submit that the discussion in Sheinis of rules indicating whether a type of call 
is allowed and determining whether a type of call is allowed does not teach or suggest that an 
object is executed even if access to execution results is not granted. The Examiner has not cited 
where Sheinis or other cited art teaches or suggests the distinction of the claims of executing an 
object even if access to execution results are not granted. 

Accordingly, claims 43, 53, and 62 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Conclusion 

For all the above reasons. Applicant submits that the pending claims 31-34 and 40-64 are 
patentable. Should any additional fees be required beyond those paid, please charge Deposit 
Account No. 09-0460. 

The attorney of record invites the Examiner to contact him at (310) 553-7977 if the 
Examiner believes such contact would advance the prosecution of the case. 



Dated: July 15, 2010 By: /David Victor/ 

David W. Victor 
RegisfrationNo. 39,867 

Please direct all correspondences to: 

David W. Victor 

Konrad Raynes & Victor, LLP 

315 South Beverly Drive, Ste. 210 

Beverly Hills, CA 90212 

Tel: (310) 553-7977 

Fax:310-556-7984 
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